Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/mBXb2boBQD64TLoWn4Zh1rqCAcg.roa
File: mBXb2boBQD64TLoWn4Zh1rqCAcg.roa (raw, json)
Hash identifier: ZX2yeD+qikYMaWGw9f7Ga1ZGLd393lsnCDdUVbjc544=
Subject key identifier: 98:15:DB:D9:BA:01:40:3E:B8:4C:BA:16:9F:86:61:D6:BA:82:01:C8
Certificate issuer: /CN=1f046cde8512802b14933b34a22f7765e295d2ab
Certificate serial: 019B7CEE1C56CC039EDB20F70958C330E07C
Authority key identifier: 1F:04:6C:DE:85:12:80:2B:14:93:3B:34:A2:2F:77:65:E2:95:D2:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HwRs3oUSgCsUkzs0oi93ZeKV0qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/mBXb2boBQD64TLoWn4Zh1rqCAcg.roa
Signing time: Fri 02 Jan 2026 04:18:58 +0000
ROA not before: Fri 02 Jan 2026 04:18:58 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198471
IP address blocks: 5.133.54.0/23 maxlen: 23
5.133.55.0/24 maxlen: 24
5.133.56.0/22 maxlen: 22
5.133.56.0/23 maxlen: 23
5.133.56.0/24 maxlen: 24
5.133.57.0/24 maxlen: 24
5.133.58.0/23 maxlen: 23
5.133.58.0/24 maxlen: 24
5.133.59.0/24 maxlen: 24
5.133.60.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/HwRs3oUSgCsUkzs0oi93ZeKV0qs.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/HwRs3oUSgCsUkzs0oi93ZeKV0qs.mft
rsync://rpki.ripe.net/repository/DEFAULT/HwRs3oUSgCsUkzs0oi93ZeKV0qs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ee:1c:56:cc:03:9e:db:20:f7:09:58:c3:30:e0:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f046cde8512802b14933b34a22f7765e295d2ab
Validity
Not Before: Jan 2 04:18:58 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9815dbd9ba01403eb84cba169f8661d6ba8201c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:69:f3:8f:7c:24:3b:99:0f:af:89:e8:25:8a:
ac:31:7f:99:a2:4a:37:b2:3b:45:de:e0:2a:48:65:
cf:a0:47:78:28:4c:1a:02:2d:be:6e:93:92:63:bd:
53:3f:93:de:3d:96:2b:37:21:d6:1a:b8:ac:d5:d1:
7a:61:06:cf:5c:1b:15:d8:a9:99:c4:56:c5:98:08:
75:69:86:86:1a:a7:da:18:d0:7e:f5:04:83:db:cd:
c6:b0:5d:fa:fa:9e:0c:97:a0:bc:f9:85:05:5c:03:
60:9b:ea:c3:5a:7a:23:cb:c6:68:d9:9e:2b:77:f9:
b2:51:f0:09:e2:dc:74:09:e7:cc:cd:ff:3a:d0:99:
74:d4:a9:db:99:09:c3:d6:cb:d1:ee:13:ed:c2:df:
96:cc:b7:c9:9b:b7:f1:e2:88:07:da:b3:40:d0:da:
37:e6:b7:ca:39:5e:9c:1b:87:7e:94:57:3f:f6:55:
13:4b:28:75:cb:b9:13:44:e4:27:22:06:cc:21:24:
03:59:64:c5:6b:51:87:7e:3e:21:61:08:50:ce:40:
09:36:ee:dd:bf:7e:05:ca:78:62:37:13:f4:91:42:
89:72:d1:ad:30:ed:6c:6c:7c:95:8b:4f:ef:77:31:
24:ee:83:20:07:e5:1a:ae:4a:2e:2c:d6:f5:dd:0c:
44:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:15:DB:D9:BA:01:40:3E:B8:4C:BA:16:9F:86:61:D6:BA:82:01:C8
X509v3 Authority Key Identifier:
keyid:1F:04:6C:DE:85:12:80:2B:14:93:3B:34:A2:2F:77:65:E2:95:D2:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwRs3oUSgCsUkzs0oi93ZeKV0qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/mBXb2boBQD64TLoWn4Zh1rqCAcg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/HwRs3oUSgCsUkzs0oi93ZeKV0qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.54.0-5.133.60.255
Signature Algorithm: sha256WithRSAEncryption
8e:d1:a2:52:cb:f2:c2:25:eb:e7:35:e5:86:70:5f:72:5c:2c:
7f:42:33:f1:84:1e:30:15:8d:20:d8:50:de:81:40:51:47:52:
f3:f1:b0:5d:f1:17:b4:a7:aa:c0:9d:d9:50:65:c5:18:6a:95:
87:7e:32:3c:19:f9:fb:08:b0:38:cb:4c:7e:a4:af:24:cf:89:
13:77:fc:8d:f8:78:c0:4a:ae:47:e1:fa:3b:bb:0a:92:71:f5:
03:55:e7:7c:49:ff:8a:7f:c2:ca:8f:fc:52:5c:50:88:c3:ea:
ad:42:f0:f2:93:7e:a0:50:2d:ba:7c:06:94:cb:67:67:80:53:
2e:ec:e4:a6:29:5d:e1:82:af:31:9c:5c:68:ff:fa:c6:6d:c4:
40:a4:a7:49:d9:92:2c:e0:b9:02:77:59:93:2d:e9:1d:2f:a3:
9f:82:e8:6b:55:c3:95:51:9c:43:02:0c:8e:b1:7f:01:91:c6:
3b:5e:40:d9:c1:38:d8:c8:26:30:ed:3a:a5:0b:6c:29:dd:6c:
65:69:6e:b2:71:da:1c:19:be:2f:71:fa:d9:97:ca:74:e2:05:
7d:77:54:0c:33:41:af:18:8d:fd:89:c1:89:05:f4:4c:1e:c4:
79:02:35:99:c4:ff:f9:0f:71:46:e5:8e:28:9a:67:18:cb:5e:
a6:1a:7e:5d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt87hxWzAOe2yD3CVjDMOB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMDQ2Y2RlODUxMjgwMmIxNDkzM2IzNGEyMmY3NzY1ZTI5
NWQyYWIwHhcNMjYwMTAyMDQxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODE1ZGJkOWJhMDE0MDNlYjg0Y2JhMTY5Zjg2NjFkNmJhODIwMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2nzj3wkO5kPr4noJYqsMX+Zoko3
sjtF3uAqSGXPoEd4KEwaAi2+bpOSY71TP5PePZYrNyHWGris1dF6YQbPXBsV2KmZ
xFbFmAh1aYaGGqfaGNB+9QSD283GsF36+p4Ml6C8+YUFXANgm+rDWnojy8Zo2Z4r
d/myUfAJ4tx0CefMzf860Jl01KnbmQnD1svR7hPtwt+WzLfJm7fx4ogH2rNA0No3
5rfKOV6cG4d+lFc/9lUTSyh1y7kTROQnIgbMISQDWWTFa1GHfj4hYQhQzkAJNu7d
v34FynhiNxP0kUKJctGtMO1sbHyVi0/vdzEk7oMgB+UarkouLNb13QxE0wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJgV29m6AUA+uEy6Fp+GYda6ggHIMB8GA1UdIwQY
MBaAFB8EbN6FEoArFJM7NKIvd2XildKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHdSczNvVVNnQ3NVa3pzMG9pOTNaZUtWMHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84MGU3NDAtMmM4Yy00NWE2LTkzOGMt
MjE5YjlmNmY5MDg3LzEvbUJYYjJib0JRRDY0VExvV240WmgxcnFDQWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84MGU3NDAtMmM4Yy00NWE2LTkzOGMtMjE5YjlmNmY5MDg3
LzEvSHdSczNvVVNnQ3NVa3pzMG9pOTNaZUtWMHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAEFhTYD
BAAFhTwwDQYJKoZIhvcNAQELBQADggEBAI7RolLL8sIl6+c15YZwX3JcLH9CM/GE
HjAVjSDYUN6BQFFHUvPxsF3xF7SnqsCd2VBlxRhqlYd+MjwZ+fsIsDjLTH6kryTP
iRN3/I34eMBKrkfh+ju7CpJx9QNV53xJ/4p/wsqP/FJcUIjD6q1C8PKTfqBQLbp8
BpTLZ2eAUy7s5KYpXeGCrzGcXGj/+sZtxECkp0nZkizguQJ3WZMt6R0vo5+C6GtV
w5VRnEMCDI6xfwGRxjteQNnBONjIJjDtOqULbCndbGVpbrJx2hwZvi9x+tmXynTi
BX13VAwzQa8Yjf2JwYkF9EwexHkCNZnE//kPcUbljiiaZxjLXqYafl0=
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:47:47 2026 by rpki-client